aboutsummaryrefslogtreecommitdiff
path: root/lang/python35
diff options
context:
space:
mode:
authorBernard Spil <brnrd@FreeBSD.org>2018-04-28 19:17:33 +0000
committerBernard Spil <brnrd@FreeBSD.org>2018-04-28 19:17:33 +0000
commit1d86ad3fc79d4655f799d2d2c87f008159209156 (patch)
tree74ee5e1869332b7e6883047eb94603d77f26f1b4 /lang/python35
parent54ca080c2436ed35e806860be0fe915b2b578c95 (diff)
downloadports-1d86ad3fc79d4655f799d2d2c87f008159209156.tar.gz
ports-1d86ad3fc79d4655f799d2d2c87f008159209156.zip
Notes
Diffstat (limited to 'lang/python35')
-rw-r--r--lang/python35/files/patch-issue3312799
1 files changed, 99 insertions, 0 deletions
diff --git a/lang/python35/files/patch-issue33127 b/lang/python35/files/patch-issue33127
new file mode 100644
index 000000000000..0e34cd382b9b
--- /dev/null
+++ b/lang/python35/files/patch-issue33127
@@ -0,0 +1,99 @@
+From f5befbb0d1526f18eb2b24eabb48c3b761c624a2 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Sat, 24 Mar 2018 18:38:14 +0100
+Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0
+ (GH-6210) (GH-6214)
+
+LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
+LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
+LibreSSL < 2.7.
+
+Documentation updates and fixes for failing tests will be provided in
+another patch set.
+
+Signed-off-by: Christian Heimes <christian@python.org>.
+(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+---
+ Lib/test/test_ssl.py | 1 +
+ .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst | 1 +
+ Modules/_ssl.c | 24 ++++++++++++++--------
+ Tools/ssl/multissltests.py | 3 ++-
+ 4 files changed, 20 insertions(+), 9 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+
+diff --git Lib/test/test_ssl.py Lib/test/test_ssl.py
+index 8dd3b41450..9785a59a7e 100644
+--- Lib/test/test_ssl.py
++++ Lib/test/test_ssl.py
+@@ -1687,6 +1687,7 @@ class SimpleBackgroundTests(unittest.TestCase):
+ self.assertEqual(len(ctx.get_ca_certs()), 1)
+
+ @needs_sni
++ @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2")
+ def test_context_setget(self):
+ # Check that the context of a connected socket can be replaced.
+ ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+diff --git Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.
+olJmHv.rst
+new file mode 100644
+index 0000000000..635aabbde0
+--- /dev/null
++++ Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+@@ -0,0 +1 @@
++The ssl module now compiles with LibreSSL 2.7.1.
+diff --git Modules/_ssl.c Modules/_ssl.c
+index c54e43c2b4..5e007da858 100644
+--- Modules/_ssl.c
++++ Modules/_ssl.c
+@@ -101,8 +101,14 @@
+
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ # define OPENSSL_VERSION_1_1 1
++# define PY_OPENSSL_1_1_API 1
+ #endif
+
++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++# define PY_OPENSSL_1_1_API 1
++#endif
++
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+ http://www.openssl.org/news/changelog.html
+ */
+@@ -129,16 +135,18 @@
+ #define INVALID_SOCKET (-1)
+ #endif
+
+-#ifdef OPENSSL_VERSION_1_1
+-/* OpenSSL 1.1.0+ */
+-#ifndef OPENSSL_NO_SSL2
+-#define OPENSSL_NO_SSL2
+-#endif
+-#else /* OpenSSL < 1.1.0 */
+-#if defined(WITH_THREAD)
++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
+ #define HAVE_OPENSSL_CRYPTO_LOCK
+ #endif
+
++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
++#define OPENSSL_NO_SSL2
++#endif
++
++#ifndef PY_OPENSSL_1_1_API
++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
++
+ #define TLS_method SSLv23_method
+
+ static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+@@ -187,7 +195,7 @@
+ {
+ return store->param;
+ }
+-#endif /* OpenSSL < 1.1.0 or LibreSSL */
++#endif /* OpenSSL < 1.1.0 or or LibreSSL < 2.7.0 */
+
+
+ enum py_ssl_error {